GnuTLS: Make debug prints clearer for cert/key parsing
authorJouni Malinen <j@w1.fi>
Thu, 28 Dec 2017 11:18:15 +0000 (13:18 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 28 Dec 2017 20:33:12 +0000 (22:33 +0200)
Indicate more clearly when the parsing succeeds to avoid ending the
debug prints with various internal GnuTLS error messages even
when the parsing actually succeeded in the end.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_gnutls.c

index b94f1ea75bd6b64b2dd05c11b218dd344fe2dd75..da205a864c9b4664b73f9d00dd30ba79cf726676 100644 (file)
@@ -425,6 +425,13 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                                           gnutls_strerror(ret));
                                return -1;
                        }
+                       wpa_printf(MSG_DEBUG,
+                                  "GnuTLS: Successfully read CA cert '%s' in PEM format",
+                                  params->ca_cert);
+               } else {
+                       wpa_printf(MSG_DEBUG,
+                                  "GnuTLS: Successfully read CA cert '%s' in DER format",
+                                  params->ca_cert);
                }
        } else if (params->ca_cert_blob) {
                gnutls_datum_t ca;
@@ -472,6 +479,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
        }
 
        if (params->client_cert && params->private_key) {
+               wpa_printf(MSG_DEBUG,
+                          "GnuTLS: Try to parse client cert '%s' and key '%s' in DER format",
+                          params->client_cert, params->private_key);
 #if GNUTLS_VERSION_NUMBER >= 0x03010b
                ret = gnutls_certificate_set_x509_key_file2(
                        conn->xcred, params->client_cert, params->private_key,
@@ -483,8 +493,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                        GNUTLS_X509_FMT_DER);
 #endif
                if (ret < 0) {
-                       wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
-                                  "in DER format: %s", gnutls_strerror(ret));
+                       wpa_printf(MSG_DEBUG,
+                                  "GnuTLS: Failed to read client cert/key in DER format (%s) - try in PEM format",
+                                  gnutls_strerror(ret));
 #if GNUTLS_VERSION_NUMBER >= 0x03010b
                        ret = gnutls_certificate_set_x509_key_file2(
                                conn->xcred, params->client_cert,
@@ -501,11 +512,19 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                                           gnutls_strerror(ret));
                                return ret;
                        }
+                       wpa_printf(MSG_DEBUG,
+                                  "GnuTLS: Successfully read client cert/key in PEM format");
+               } else {
+                       wpa_printf(MSG_DEBUG,
+                                  "GnuTLS: Successfully read client cert/key in DER format");
                }
        } else if (params->private_key) {
                int pkcs12_ok = 0;
 #ifdef PKCS12_FUNCS
                /* Try to load in PKCS#12 format */
+               wpa_printf(MSG_DEBUG,
+                          "GnuTLS: Try to parse client cert/key '%s'in PKCS#12 DER format",
+                          params->private_key);
                ret = gnutls_certificate_set_x509_simple_pkcs12_file(
                        conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
                        params->private_key_passwd);
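Review bot: The format string added before the PKCS#12 attempt is missing a space after the quoted file name, so the log line renders as `'path'in PKCS#12 DER format`; it should read `"GnuTLS: Try to parse client cert/key '%s' in PKCS#12 DER format"`. The two client cert/key success messages added earlier in this hunk omit the file names, whereas the CA cert success messages in the first hunk print `params->ca_cert`; passing `params->client_cert` and `params->private_key` there as well would let a reader of the debug log tie each success line to the file that was actually loaded. The new print correctly leaves out `params->private_key_passwd`, and that should stay so. tls_connection_set_params starts and ends outside this hunk.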